REST Resource: alerts

Resource: Alert

An alert affecting a customer.

JSON representation
{
  "customerId": string,
  "alertId": string,
  "createTime": string,
  "startTime": string,
  "endTime": string,
  "type": string,
  "source": string,
  "data": {
    "@type": string,
    field1: ...,
    ...
  },
  "securityInvestigationToolLink": string,
  "deleted": boolean,
  "metadata": {
    object (AlertMetadata)
  },
  "updateTime": string,
  "etag": string
}
Fields
customerId

string

Output only. The unique identifier of the Google account of the customer.

alertId

string

Output only. The unique identifier for the alert.

createTime

string (Timestamp format)

Output only. The time this alert was created.

startTime

string (Timestamp format)

Required. The time the event that caused this alert was started or detected.

endTime

string (Timestamp format)

Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert.

type

string

Required. The type of the alert. This is output only after alert is created. For a list of available alert types see G Suite Alert types.

source

string

Required. A unique identifier for the system that reported the alert. This is output only after alert is created.

Supported sources are any of the following:

  • Google Operations
  • Mobile device management
  • Gmail phishing
  • Domain wide takeout
  • State sponsored attack
  • Google identity

data

object

Optional. The data associated with this alert, for example google.apps.alertcenter.type.DeviceCompromised.

deleted

boolean

Output only. True if this alert is marked for deletion.

metadata

object (AlertMetadata)

Output only. The metadata associated with this alert.

updateTime

string (Timestamp format)

Output only. The time this alert was last updated.

etag

string

Optional. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform alert updates in order to avoid race conditions: An etag is returned in the response which contains alerts, and systems are expected to put that etag in the request to update alert to ensure that their change will be applied to the same version of the alert.

If no etag is provided in the call to update alert, then the existing alert is overwritten blindly.

AlertMetadata

An alert metadata.

JSON representation
{
  "customerId": string,
  "alertId": string,
  "status": string,
  "assignee": string,
  "updateTime": string,
  "severity": string,
  "etag": string
}
Fields
customerId

string

Output only. The unique identifier of the Google account of the customer.

alertId

string

Output only. The alert identifier.

status

string

The current status of the alert. The supported values are the following:

  • NOT_STARTED
  • IN_PROGRESS
  • CLOSED

assignee

string

The email address of the user assigned to the alert.

updateTime

string (Timestamp format)

Output only. The time this metadata was last updated.

severity

string

The severity value of the alert. Alert Center will set this field at alert creation time, default's to an empty string when it could not be determined. The supported values for update actions on this field are the following:

  • HIGH
  • MEDIUM
  • LOW

etag

string

Optional. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert metadata from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform metatdata updates in order to avoid race conditions: An etag is returned in the response which contains alert metadata, and systems are expected to put that etag in the request to update alert metadata to ensure that their change will be applied to the same version of the alert metadata.

If no etag is provided in the call to update alert metadata, then the existing alert metadata is overwritten blindly.

Methods

batchDelete

Performs batch delete operation on alerts.

batchUndelete

Performs batch undelete operation on alerts.

delete

Marks the specified alert for deletion.

get

Gets the specified alert.

getMetadata

Returns the metadata of an alert.

list

Lists the alerts.

undelete

Restores, or "undeletes", an alert that was marked for deletion within the past 30 days.